The branch master has been updated
       via  e1dd8fa00a1e06d27c8b024dac7657a8d8a9b451 (commit)
       via  2894e9cb6de62baec5b17d4f248b4ff12eb62005 (commit)
      from  723a7c5af0733eb4165947064731570adfa7457a (commit)


- Log -----------------------------------------------------------------
commit e1dd8fa00a1e06d27c8b024dac7657a8d8a9b451
Author: Matt Caswell <[email protected]>
Date:   Tue Dec 5 13:37:26 2017 +0000

    Fix the check_fatal macro
    
    The check_fatal macro is supposed to only be called if we are already
    expecting to be in the fatal state. The macro asserts that we are and
    puts us into the fatal state if not.
    
    This issue combined with the problem fixed in the previous commit meant
    that the fuzzer detected a crash at a point in the processing when we
    should have already been in the fatal state.
    
    Reviewed-by: Rich Salz <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/4847)

commit 2894e9cb6de62baec5b17d4f248b4ff12eb62005
Author: Matt Caswell <[email protected]>
Date:   Tue Dec 5 13:36:13 2017 +0000

    Fix bug in TLSv1.3 PSK processing
    
    The recent SSL error overhaul left a case where an error occurs but
    SSLfatal() is not called.
    
    Credit to OSSfuzz for finding this issue.
    
    Reviewed-by: Rich Salz <[email protected]>
    (Merged from https://github.com/openssl/openssl/pull/4847)

-----------------------------------------------------------------------

Summary of changes:
 ssl/statem/extensions_srvr.c | 13 ++++++++-----
 ssl/statem/statem.c          |  2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index c626ba6..b07376f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -850,11 +850,14 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int 
context, X509 *x,
         }
     }
 
-    if (PACKET_remaining(&binder) != hashsize
-            || tls_psk_do_binder(s, md,
-                                 (const unsigned char *)s->init_buf->data,
-                                 binderoffset, PACKET_data(&binder), NULL,
-                                 sess, 0, ext) != 1) {
+    if (PACKET_remaining(&binder) != hashsize) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
+                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
+                          ext) != 1) {
         /* SSLfatal() already called */
         goto err;
     }
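Review bot: The length check on `binder` appears to be the only bound on what `tls_psk_do_binder()` reads, since the call passes `PACKET_data(&binder)` with no length argument, and nothing in the new code records that dependency. Now that the check is a statement of its own, a comment above `if (PACKET_remaining(&binder) != hashsize)` such as `/* binder must be exactly hashsize bytes; tls_psk_do_binder() takes no length */` would keep a later refactor from reordering or dropping it. That the callee reads `hashsize` bytes is inferred from the call shape and should be confirmed against its definition. The body of `tls_parse_ctos_psk` starts and ends outside this hunk.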
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 0cacc4a..29660d5 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -135,7 +135,7 @@ void ossl_statem_fatal(SSL *s, int al, int func, int 
reason, const char *file,
 #define check_fatal(s, f) \
     do { \
         if (!ossl_assert((s)->statem.in_init \
-                         || (s)->statem.state != MSG_FLOW_ERROR)) \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
                      SSL_R_MISSING_FATAL); \
     } while (0)
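Review bot: `check_fatal` has no comment stating its contract, and without one the corrected condition on the `ossl_assert` line is as easy to misread as the one it replaces. A comment above the `#define` would record it, for example `/* Call only on a path where SSLfatal() should already have run: asserts in_init && state == MSG_FLOW_ERROR, otherwise raises SSL_R_MISSING_FATAL */`. As a style point, `s` is parenthesised inside the condition but passed bare in `SSLfatal(s, ...)`; `SSLfatal((s), ...)` would be consistent with the rest of the macro.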